Hash Functions from Defective Ideal Ciphers
Aishwarya Thiruvengadam - MC2
Abstract
Cryptographic constructions are often designed and analyzed in idealized
frameworks such as the random-oracle or ideal-cipher models. When the
underlying primitives are instantiated in the real world, however, they
may be far from ideal. Constructions should therefore be robust to known
or potential defects in the lower-level primitives.
With this in mind, we study the construction of collision-resistant hash
functions from "defective" ideal ciphers. We introduce a model for ideal
ciphers that are vulnerable to differential related-key attacks, and explore
the security of the classical PGV constructions from such weakened
ciphers. We find that although none of the PGV compression functions
are collision-resistant in our model, it is possible to prove collision
resistance up to the birthday bound for iterated (Merkle-Damgård)
versions of four of the PGV constructions. These four resulting hash
functions are also optimally preimage-resistant.
This is joint work with Jonathan Katz and Stefan Lucks.
This talk is organized by Yupeng Zhang.